From the Preface (See Front Matter for full Preface)



Electronic computers have evolved from exiguous experimental enterprises in the 1940s 
to prolific practical data processing systems in the 1980s. As we have come to rely on 
these systems to process and store data, we have also come to wonder about their ability 
to protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 

The secure shell (SSH) protocol is one of the most popular cryptographic protocols on the 
Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. 
In this paper, we propose several fixes to the SSH protocol and, using techniques from 
modern cryptography, we prove that our modified versions of SSH meet strong new 
chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes 
will require relatively little modification to the SSH protoc ... 
Publisher: ACM Press

A new protection mechanism is described that provides general primitives for protection
and authentication. The mechanism is based on the idea of sealing an object with a key. 
Sealed objects are self-authenticating, and in the absence of an appropriate set of keys, 
only provide information about the size of their contents. New keys can be freely created 
at any time, and keys can also be derived from existing keys with operators that include 
Key-And and Key-Or 
This paper will describe various methods to secure an APL database application. Primary
foci will be in the areas of "physical" protection, and in cryptographic techniques. To that
end, distinctions will be made between "data," and "information." Because of those
differences, specific methods will be offered which are appropriate for each modality of
security. A brief set of examples will be included for the use of IBM's RACF

Computer security (SEC): Protected transmission of biometric user authentication
March 2004 Proceedings of the 2004 ACM symposium on Applied computing SAC '04

Publisher: ACM Press 
Since fingerprint data are no secrets but of public nature, the verification data transmitted
to a smartcard for oncard-matching need protection by appropriate means in order to 
assure data origin in the biometric sensor and to prevent bypassing the sensor. For this 
purpose, the verification data to be transferred to the user smartcard is protected with a 
cryptographic checksum that is calculated within a separate security module controlled by 
a tamper resistant card terminal with integrated bio ... 
injection attacks

Elena Gabriela Barrantes, David H. Ackley, Trek S. Palmer, Darko Stefanovic, Dino Dai Zovi 
October 2003 Proceedings of the 10th ACM conference on Computer and communications security CCS '03
Publisher: ACM Press 

Binary code injection into an executing program is a common form of attack. Most current
defenses against this form of attack use a 'guard all doors' strategy, trying to block the 
avenues by which execution can be diverted. We describe a complementary method of 
protection, which disrupts foreign code execution regardless of how the code is injected. A 
unique and private machine instruction set for each executing program would make it 
difficult for an outsider to design binary attack code against ... 

Keywords: automated diversity, emulation, information hiding, language randomization, 
obfuscation, security 
Ronald S. King, James H. Nolen
May 2006 ACM SIGSOFT Software Engineering Notes, volume 31 issue 3
Publisher: ACM Press 
Traditional strong authentication systems rely on a certification chain to delegate the
authority of trusting an intermediate end. However, in some practical life scenarios a 
relayed authentication is not accepted and thus it would be advisable a straight proof of 
trustiness with a direct interaction with the involved party. Our protocol introduces a 
registry of certified operations from which it descends the authentication and the 
consequent proof of identity. Despite the fact that such system ... 
SSL is the de facto standard today for securing end-to-end transport on the Internet.
While the protocol itself seems rather secure, there are a number of risks that lurk in its
use, for example, in web banking. However, the adoption of password-based key- 
exchange protocols can overcome some of these problems. We propose the integration of 
such a protocol (DH-EKE) in the TLS protocol, the standardization of SSL by IETF. The 
resulting protocol provides secure mutual authentication and key establi ... 

Keywords: Authenticated key exchange, dictionary attack, key agreement, password, 
perfect forward secrecy, secure channel, transport layer security, weak secret 

It is well-known that, left to themselves, people will choose passwords that can be rather 
readily guessed. If this is done, they are usually vulnerable to an attack based on copying 
the content of messages forming part of an authentication protocol and experimenting, 
e.g. with a dictionary, offline. The most usual counter to this threat is to require people to 
use passwords which are obscure, or even to insist on the system choosing their 
passwords for them. In this paper we show alternati ... 
Robert Morris, Ken Thompson
Publisher: ACM Press


This paper describes the history of the design of the password security scheme on a 
remotely accessed time-sharing system. The present design was the result of countering 
observed attempts to penetrate the system. The result is a compromise between extreme 
security and ease of use. 
Umut Topkara, Mikhail J. Atallah, Mercan Topkara

March 2007 Proceedings of the 2007 ACM symposium on Applied computing SAC '07 

Publisher: ACM Press 
Research on password authentication systems has repeatedly shown that people choose
weak passwords because of the difficulty of remembering random passwords. Moreover,
users with multiple passwords for unrelated activities tend to choose almost similar
passwords for all of them. Many password schemes have been proposed to alleviate this 
problem, but they either require modification to the password entry and processing 
infrastructure (e.g., graphical passwords) or they require the user to have ... 

Keywords: authentication, mnemonic sentence, natural language processing, passwords, 
usability 



16 Limitations of the Kerberos authentication system 
S. M. Bellovin, M. Merritt 

October 1990 ACM SIGCOMM Computer Communication Review, volume 20 issue 5 
Publisher: ACM Press 


The Kerberos authentication system, a part of MIT's Project Athena, has been adopted by 
other organizations. Despite Kerberos's many strengths, it has a number of limitations 
and some weaknesses. Some are due to specifics of the MIT environment; others 
represent deficiencies in the protocol design. We discuss a number of such problems, and 
present solutions to some of them. We also demonstrate how special-purpose 
cryptographic hardware may be needed in some cases. 

17 The internet worm program: an analysis
Eugene H. Spafford 

January 1989 ACM SIGCOMM Computer Communication Review, volume 19 issue 1
Publisher: ACM Press 


On the evening of 2 November 1988, someone infected the Internet with a worm 
program. That program exploited flaws in utility programs in systems based on BSD- 
derived versions of UNIX. The flaws allowed the program to break into those machines 
and copy itself, thus infecting those systems. This program eventually spread to 
thousands of machines, and disrupted normal activities and Internet connectivity for 
many days. This report gives a detailed description of the components of the ... 
August 1989 ACM Transactions on Computer Systems (TOCS), volume 7 issue 3
Publisher: ACM Press 


Andrew is a distributed computing environment that is a synthesis of the personal 
computing and timesharing paradigms. When mature, it is expected to encompass over 
5,000 workstations spanning the Carnegie Mellon University campus. This paper examines 
the security issues that arise in such an environment and describes the mechanisms that 
have been developed to address them. These mechanisms include the logical and physical 
separation of servers and clients, support for secure communication ... 
Existing techniques for designing efficient password authenticated key exchange (PAKE)
protocols all can be viewed as variations of a small number of fundamental paradigms,
and all are based on either the Diffie-Hellman or RSA assumptions. In this paper we 
propose a new technique for the design of PAKE protocols that does not fall into any of 
those paradigms, and which is based on a different assumption. In our technique, the 
server uses the password to construct a multiplicative group with a (h ... 

Keywords: authentication, cryptography, key exchange, password 



20 Usability and authentication: Password policy simulation and analysis
Richard Shay, Abhilasha Bhargav-Spantzel, Elisa Bertino 

November 2007 Proceedings of the 2007 ACM workshop on Digital identity 
management DIM '07 

Publisher: ACM 


Passwords are an ubiquitous and critical component of many security systems. As the 
information and access guarded by passwords become more necessary, we become ever 
more dependent upon the security passwords provide. The creation and management of 
passwords is crucial, and for this we must develop and deploy password policies. This 
paper focuses on defining and modeling password policies for the entire password policy 
lifecycle. The paper first discusses a language for specifying password po ... 

Keywords: management, modeling, password, policy, simulation 

The secure shell (SSH) protocol is one of the most popular cryptographic protocols on the 
Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. 
In this paper, we propose several fixes to the SSH protocol and, using techniques from 
modern cryptography, we prove that our modified versions of SSH meet strong new 
chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes 
will require relatively little modification to the SSH protoc ... 

Keywords: Authenticated encryption, secure shell, security proofs, stateful decryption 
We study protocols for strong authentication and key exchange in asymmetric scenarios
where the authentication server possesses a pair of private and public keys while the
client has only a weak human-memorizable password as its authentication key. We 
present and analyze several simple password authentication protocols in this scenario, 
and show that the security of these protocols can be formally proven based on standard 
cryptographic assumptions. Remarkably, our analysis shows optimal re ... 

Keywords: dictionary attacks, hand-held certificates, key exchange, passwords, public 
passwords, public-key protocols 
A device that performs private key operations (signatures or decryptions), and whose
private key operations are protected by a password, can be immunized against offline 
dictionary attacks in case of capture by forcing the device to confirm a password guess 
with a designated remote server in order to perform a private key operation. Recent 
proposals for achieving this allow untrusted servers and require no server initialization per 
device. In this paper we extend these proposals to enable dynami ... 

Password-based key exchange schemes are designed to provide entities communicating 
over a public network, and sharing a (short) password only, with a session key (e.g., the
key is used for data integrity and/or confidentiality). The focus of the present paper is on 
the analysis of very efficient schemes that have been proposed to the IEEE P1363 
Standard working group on password-based authenticated key-exchange methods, but 
which actual security was an open problem. We analyze the AuthA key excha ... 
Authentication is the process of verifying a person's claim of identity. The designers of
secure computer systems have incorporated many techniques of user-validation from law 
enforcement, from industrial security, and from the financial community. Several methods 
have also been developed explicitly for use in computer systems. This paper will present 
an overview of all methods of authentication currently used in computer security. 
Implementation considerations will also be discussed. 
No secure network file system has ever grown to span the Internet. Existing systems all
lack adequate key management for security at a global scale. Given the diversity of the 
Internet, any particular mechanism a file system employs to manage keys will fail to 
support many types of use. We propose separating key management from file system 
security, letting the world share a single global file system no matter how individuals 
manage keys. We present SFS, a secure file system that avoids internal ... 
We address the problem of securing sequences of SOAP messages exchanged between
web services and their clients. The WS-Security standard defines basic mechanisms to
secure SOAP traffic, one message at a time. For typical web services, however, using WS- 
Security independently for each message is rather inefficient; moreover, it is often 
important to secure the integrity of a whole session, as well as each message. To these 
ends, recent specifications provide further SOAP-level mechanisms. WS-S ... 

Keywords: Web services, XML security 
Since fingerprint data are no secrets but of public nature, the verification data transmitted
to a smartcard for oncard-matching need protection by appropriate means in order to 
assure data origin in the biometric sensor and to prevent bypassing the sensor. For this 
purpose, the verification data to be transferred to the user smartcard is protected with a 
cryptographic checksum that is calculated within a separate security module controlled by 
a tamper resistant card terminal with integrated bio ... 

Keywords: authentication, biometrics, cryptographic protocols, data integrity, electronic 
signature, oncard-matching, smartcards, system security, tamper proof environment 
Traditional strong authentication systems rely on a certification chain to delegate the
authority of trusting an intermediate end. However, in some practical life scenarios a 
relayed authentication is not accepted and thus it would be advisable a straight proof of 
trustiness with a direct interaction with the involved party. Our protocol introduces a 
registry of certified operations from which it descends the authentication and the 
consequent proof of identity. Despite the fact that such system ... 

Keywords: SSL, authentication, identification, non repudiation, trust



18 Role-based access control on the web
Joon S. Park, Ravi Sandhu, Gail-Joon Ahn 

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 4 Issue 1
Publisher: ACM Press 


Current approaches to access control on the Web servers do not scale to enterprise-wide 
systems because they are mostly based on individual user identities. Hence we were
motivated by the need to manage and enforce the strong and efficient RBAC access 
control technology in large-scale Web environments. To satisfy this requirement, we 
identify two different architectures for RBAC on the Web, called user-pull and server-pull. 
To demonstrate feasibility, we im ... 

Keywords: WWW security, cookies, digital certificates, role-based access control 



19 Secure sessions for web services 

Karthikeyan Bhargavan, Ricardo Corin, Cedric Fournet, Andrew D. Gordon
October 2004 Proceedings of the 2004 workshop on Secure web service SWS '04

Publisher: ACM Press 


WS-Security provides basic means to secure SOAP traffic, one envelope at a time. For 
typical web services, however, using WS-Security independently for each message is 
rather inefficient; besides, it is often important to secure the integrity of a whole session, 
as well as each message. To these ends, recent specifications provide further SOAP-level 
mechanisms. WS-SecureConversation introduces security contexts, which can be used to 
secure sessions between two parties. WS-Trust specifies ... 




20 Identification control: Public key distribution through "cryptoIDs"
A. Trevor Perrin

August 2003 Proceedings of the 2003 workshop on New security paradigms NSPW '03

Publisher: ACM Press 


In this paper, we argue that person-to-person key distribution is best accomplished with a 
key-centric approach, instead of PKI: users should distribute public key fingerprints in the 
same way they distribute phone numbers, postal addresses, and the like. To make this 
work, fingerprints need to be small, so users can handle them easily; multipurpose, so 
only a single fingerprint is needed for each user; and long-lived, so fingerprints don't have 
to be frequently redistribute ... 

Keywords: cryptoIDs, fingerprints, key distribution, key management, public key
infrastructure 
Public-key cryptography and password protocols
Shai Halevi, Hugo Krawczyk 

August 1999 ACM Transactions on Information and System Security (TISSEC), volume 2 Issue 3
Publisher: ACM Press 




We study protocols for strong authentication and key exchange in asymmetric scenarios 
where the authentication server possesses a pair of private and public keys while the
client has only a weak human-memorizable password as its authentication key. We 
present and analyze several simple password authentication protocols in this scenario, 
and show that the security of these protocols can be formally proven based on standard 
cryptographic assumptions. Remarkably, our analysis shows optimal re ... 

Keywords: dictionary attacks, hand-held certificates, key exchange, passwords, public 
passwords, public-key protocols 



Public-key cryptography and password protocols
Shai Halevi, Hugo Krawczyk 

November 1998 Proceedings of the 5th ACM conference on Computer and communications security CCS '98
Publisher: ACM Press 




3 Computer security (SEC): Efficient Diffie-Hellmann two-party key agreement protocols based on elliptic curves
Maurizio Adriano Strangio 

March 2005 Proceedings of the 2005 ACM symposium on Applied computing SAC '05 

Publisher: ACM Press 


Key agreement protocols are of fundamental importance for ensuring the confidentiality of 
communications between two (or more) parties over an insecure network. In this paper 
we review existing two-party protocols whose security rests upon the intractability of 
Diffie-Hellmann and Discrete Logarithm problems over elliptic curve groups. In addition, 
we propose a new two-party mutual authenticated key agreement protocol and
collectively evaluate the security and performance of all the schemes cons ... 

Keywords: cryptography, elliptic curves, key agreement, protocols 



Accountability protocols: Formalized and verified 
Giampaolo Bella, Lawrence C. Paulson 

May 2006 ACM Transactions on Information and System Security (TISSEC), volume 9 Issue 2
Publisher: ACM Press 


Classical security protocols aim to achieve authentication and confidentiality under the 
assumption that the peers behave honestly. Some recent protocols are required to 
achieve their goals even if the peer misbehaves. Accountability is a protocol design 
strategy that may help. It delivers to peers sufficient evidence of each other's 
participation in the protocol. Accountability underlies the nonrepudiation protocol of Zhou 
and Gollmann and the certified email protocol of Abadi et al. Thi ... 

Keywords: Isabelle, Nonrepudiation, certified email, inductive method, proof tools 



Research contributions: A review of information security issues and respective research contributions
Mikko T. Siponen, Harri Oinas-Kukkonen

February 2007 ACM SIGMIS Database, volume 38 issue 1

Publisher: ACM Press 


This paper identifies four security issues (access to Information Systems, secure 
communication, security management, development of secure Information Systems), and 
examines the extent to which these security issues have been addressed by existing 
research efforts. Research contributions in relation to these four security issues are 
analyzed from three viewpoints: a meta-model for information systems, the research 
approaches used, and the reference disciplines used. Our survey reveals that most ... 

Keywords: computer science 



Public-key cryptography and password protocols: the multi-user case
Maurizio Kliban Boyarsky 

November 1999 Proceedings of the 6th ACM conference on Computer and 
communications security CCS '99 

Publisher: ACM Press 


The problem of password authentication over an insecure network when the user holds 
only a human-memorizable password has received much attention in the literature. The 
first rigorous treatment was provided by Halevi and Krawczyk, who studied off-line 
password guessing attacks in the scenario in which the authentication server possesses a 
pair of private and public keys. In this work we: Show the inadequacy of both the HK 
formalization and protocol in the ... 

Applications and compliance: TCG inside?: a note on TPM specification compliance
Ahmad-Reza Sadeghi, Marcel Selhorst, Christian Stuble, Christian Wachsmann, Marcel Winandy, Horst Gortz

November 2006 Proceedings of the first ACM workshop on Scalable trusted computing STC '06

Publisher: ACM Press 


The Trusted Computing Group (TCG) has addressed a new generation of computing 
platforms employing both supplemental hardware and software with the primary goal to 
improve the security and the trustworthiness of future IT systems. The core component of 
the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic 
functions. Many vendors currently equip their platforms with a TPM claiming to be TCG 
compliant. However, there is no feasible way for application developers and ... 

Keywords: TPM, compliance, test, trusted computing 



8 A framework for password-based authenticated key exchange
Rosario Gennaro, Yehuda Lindell 

May 2006 ACM Transactions on Information and System Security (TISSEC), volume 9 Issue 2
Publisher: ACM Press 


In this paper, we present a general framework for password-based authenticated key 
exchange protocols, in the common reference string model. Our protocol is actually an 
abstraction of the key exchange protocol of Katz et al. and is based on the recently 
introduced notion of smooth projective hashing by Cramer and Shoup. We gain a number 
of benefits from this abstraction. First, we obtain a modular protocol that can be described 
using just three high-level cryptographic tools. This allows a simpl ... 

Keywords: Passwords, authentication, dictionary attack, projective hash functions 



9 Introduction of the asymmetric cryptography in GSM, GPRS, UMTS, and its public key infrastructure integration

Constantinos F. Grecas, Sotirios I. Maniatis, Iakovos S. Venieris 
April 2003 Mobile Networks and Applications, volume 8 issue 2 

Publisher: Kluwer Academic Publishers 


The logic ruling the user and network authentication as well as the data ciphering in the 
GSM architecture is characterized, regarding the transferring of the parameters employed 
in these processes, by transactions between three nodes of the system, that is the MS, 
actually the SIM, the visited MSC/VLR, and the AuC, which is attached to the HLR in most 
cases. The GPRS and the UMTS architecture carry the heritage of the GSM's philosophy 
regarding the user/network authentication and the data ciphe ... 

Keywords: PKIs, PLMNs, asymmetric cryptography 
transponder for secure authentication
Ricardo Sanchez

March 2007 Proceedings of the 17th great lakes symposium on Great lakes 
symposium on VLSI GLSVLSI '07 

Publisher: ACM Press 

RFID technology increases rapidly its applicability in new areas of interest without 
guaranteeing security and privacy issues. This paper presents a new architecture of an 
RFID transponder with cryptographic capabilities. Other than being compatible with the 
EPC Class-1 Gen-2 communication protocol, our tag implements an asymmetric ciphering 
module that proved useful in authentication and anti-counterfeit schemes, particularly 
critical in many application fields. Experimental results concerning ... 

Keywords: RFID, authentication, privacy 



11 Protecting applications with transient authentication
Mark D. Corner, Brian D. Noble

May 2003 Proceedings of the 1st international conference on Mobile systems,
applications and services MobiSys '03 
Publisher: ACM Press 


How does a machine know who is using it? Current systems authenticate their users 
infrequently, and assume the user's identity does not change. Such persistent 
authentication is inappropriate for mobile and ubiquitous systems, where associations 
between people and devices are fluid and unpredictable. We solve this problem with 
Transient Authentication, in which a small hardware token continuously authenticates the 
user's presence over a short-range, wireless link. We present the fo ... 
12 Asymmetric fingerprinting for larger collusions
Birgit Pfitzmann, Michael Waidner

April 1997 Proceedings of the 4th ACM conference on Computer and communications
security CCS '97

Publisher: ACM Press

Full text available: pdf (1.37 MB) Additional Information: full citation, references, citings, index terms




13 Symmetric and Asymmetric Encryption
Gustavus J. Simmons

December 1979 ACM Computing Surveys (CSUR), volume 11 issue 4
Publisher: ACM Press

Full text available: pdf (2.23 MB) Additional Information: full citation, references, citings, index terms




14 Augmented encrypted key exchange: a password-based protocol secure against
dictionary attacks and password file compromise
Steven M. Bellovin, Michael Merritt

December 1993 Proceedings of the 1st ACM conference on Computer and
communications security CCS '93
Publisher: ACM Press

Full text available: pdf (620.09 KB) Additional Information: full citation, abstract, references, citings, index terms

The encrypted key exchange (EKE) protocol is augmented so that hosts do not store 
cleartext passwords. Consequently, adversaries who obtain the one-way encrypted 
password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount 
dictionary attacks against the encrypted passwords, but cannot mimic the user to the 
host. Moreover, the important security properties of EKE are preserved— an active 
15 Smart Cards and Biometrics: The cool way to make secure transactions
David Corcoran, David Sims, Bob Hillhouse
March 1999 Linux Journal
Publisher: Specialized Systems Consultants, Inc.

Full text available: html (22.95 KB) Additional Information: full citation, index terms



16 Cryptography and data security
Dorothy Elizabeth Robling Denning

January 1982 Book

Publisher: Addison-Wesley Longman Publishing Co., Inc.

Full text available: pdf (19.47 MB) Additional Information: full citation, abstract, references, cited by, index terms

From the Preface (See Front Matter for full Preface) 

Electronic computers have evolved from exiguous experimental enterprises in the 1940s 
to prolific practical data processing systems in the 1980s. As we have come to rely on 
these systems to process and store data, we have also come to wonder about their ability 
to protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 

17 Cryptographic protocols/network security: Security proofs for an efficient password-based key exchange

Emmanuel Bresson, Olivier Chevassut, David Pointcheval
October 2003 Proceedings of the 10th ACM conference on Computer and
communications security CCS '03
Publisher: ACM Press

Full text available: pdf (233.51 KB) Additional Information: full citation, abstract, references, citings, index terms

Password-based key exchange schemes are designed to provide entities communicating 
over a public network, and sharing a (short) password only, with a session key (e.g, the 
key is used for data integrity and/or confidentiality). The focus of the present paper is on 
the analysis of very efficient schemes that have been proposed to the IEEE P1363 
Standard working group on password-based authenticated key-exchange methods, but 
which actual security was an open problem. We analyze the AuthA key excha ... 

Keywords: key exchange, password-based authentication 
Amit Parnerkar, Dennis Guster, Jayantha Herath

October 2003 Journal of Computing Sciences in Colleges, volume 19 issue 1
Publisher: Consortium for Computing Sciences in Colleges

Full text available: pdf (74.93 KB) Additional Information: full citation, abstract, references, index terms

This paper presents the description and analysis of a protocol, which uses hybrid crypto 
algorithms for key distribution. A triple DES with a 168-bit key is used to generate the 
secret key. This secret key is transferred with the help of public key cryptography. The 
authentication process is accomplished by using the message digest algorithm MD5. This 
protocol uses mutual authentication in which, both participants have to authenticate 
themselves via a third trusted certificate authority (CA). Th ... 

20 Password Management and Digital Signatures: Delegation of cryptographic servers
for capture-resilient devices
Philip MacKenzie, Michael K. Reiter

November 2001 Proceedings of the 8th ACM conference on Computer and
Communications Security CCS '01

Publisher: ACM Press

Full text available: pdf (312.90 KB) Additional Information: full citation, abstract, references, citings, index terms

A device that performs private key operations (signatures or decryptions), and whose 
private key operations are protected by a password, can be immunized against offline 
dictionary attacks in case of capture by forcing the device to confirm a password guess 
with a designated remote server in order to perform a private key operation. Recent 
proposals for achieving this allow untrusted servers and require no server initialization per 
device. In this paper we extend these proposals to enable dynami ... 
Ref # | Hits | Search Query | DBs | Default Operator | Plurals | Time Stamp
 |  |  | EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 11:14
S29 | 5 | mutual$2 adj authenticate same (random$2 adj number$4) same (public adj key) same (symmetric adj key) and (session adj key) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 11:15
S30 | 116 | session adj key same (random adj number) with (first) with (second) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 11:15
S31 | 73 | S30 and (public adj key) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 11:16
S32 | 48 | S30 and (public adj key) and (password (symmetric adj key)) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 14:42
S33 | 2 | "6539749".pn. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 14:43



1/3/08 8:03:59 PM 

C:\Documents and Settings\KAbrishamkar\My Documents\EAST\Workspaces\09986319.wsp 






EAST Search History 



Ref # | Hits | Search Query | DBs | Default Operator | Plurals | Time Stamp
S34 | 2 | 6539479.pn. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | ON | 2006/09/28 14:43
S35 | 217 | 380/285.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 18:41
S36 | 280 | 380/283.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 18:41
S37 | 731 | 713/150.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 18:42
S38 | 2118 | 713/168.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 18:42
S39 | 881 | 713/171.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:38
S40 | 509 | 380/255.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:39
S41 | 4169 | S35 S36 S37 S38 S39 S40 | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:49
S42 | 1426 | S41 and (random$ adj number$2) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:50
S43 | 57 | S42 and ((encod$3 encrypt$4) adj password$2) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:54
S44 | 43 | S43 and ((public private) near2 key$2) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:56
S45 | 12 | S43 and (session adj key$2) with (establishes creat$3) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 19:58
S46 | 57 | S43 and ((encod$3 encipher$2 encrypt$4) near2 password$2) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 20:00
S47 | 10 | S43 and (shared$2 with (secret$4 adj key)) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 20:06
S48 | 620 | S41 and (password) and (public adj key) and (private adj key) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 20:06
S49 | 348 | S41 and (password) and (public adj key) and (private adj key) and ((session shared) near3 (key)) | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 20:08
S50 | 224 | S41 and (password) and (public adj key) and (private adj key) and ((session shared) near3 (key)) and hash$2 | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/02 20:09
S51 | 4 | PLETHORA.as. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 15:41
S52 | 2 | timothy near3 simms.in. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 15:42
S53 | 2 | "5835592".pn. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S54 | 217 | 380/285.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S55 | 280 | 380/283.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S56 | 733 | 713/150.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S57 | 2122 | 713/168.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S58 | 884 | 713/171.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S59 | 509 | 380/255.ccls. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S60 | 4178 | S54 S55 S56 S57 S58 S59 | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S61 | 4178 | S60 | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S62 | 934 | S60 and (public adj key).clm. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:18
S63 | 15 | S60 and (public adj key).clm. and ((encod$3 encrypt$4 encipher$2) near2 (password$2)).clm. | US-PGPUB; USPAT; USOCR; EPO; JPO; DERWENT; IBM_TDB | OR | OFF | 2008/01/03 16:19